Another fake INTUIT spam run is in progress, this time using the domain sony-zeus.net to deliver the payload.
The malware is hosted on sony-zeus.net/content/ap2.php?f=ef572 and sony-zeus.net/main.php?page=fac4e861546108ef on 213.179.193.132 (Solidhost, Netherlands). We've seen this IP before, so it is well worth blocking.
Wednesday, 7 March 2012
Tuesday, 6 March 2012
Intuit.com spam / icemed.net
It's lunchtime here.. which means that the malware spam campaigns tend to kick off. One of these is this Intuit.com spam:
Date: Tue, 6 Mar 2012 14:04:46 +0200
From: "INTUIT INC."
Subject: Dowload your Intuit.com invoice.
Dear Client:
Thank you for placing an order with Intuit Market. We have received it and will let you know when your order is processed. If you ordered several items, we may process them in more than one shipment (at no extra cost to you) to ensure quicker delivery.
If you have questions about your order, please call 1-800-955-8890.
ORDER INFORMATION
Please download your invoice
id #318651746029 information at Intuit small business website.
NEED HELP?
Email us at mktplace_customerservice@intuit.com.
Call us at 1-800-955-8890.
Reorder Intuit Checks Quickly and Easily starting with
the information from your previous order.
To help us better serve your needs, please take
a few minutes to let us know how we are doing.
Submit your feedback here.
Thanks again for your order,
Intuit Market Customer Service
Privacy , Legal , Contact Us , About Us
You have received this business communication as part of our efforts to fulfill your request or service your account. You may receive this and other business communications from us even if you have opted out of marketing messages.
Please note: This e-mail was sent from an auto-notification system that cannot accept incoming email
Please do not reply to this message.
If you receive an email message that appears to come from Intuit but that you suspect is a phishing e-mail, please forward it immediately to spoof@intuit.com. Please visit http://security.intuit.com/ for additional security information.
©2011 Intuit, Inc. All rights reserved. Intuit, the Intuit Logo, Quickbooks, Quicken and TurboTax,
among others, are registered trademarks of Intuit Inc.
The malicious payload is at icemed.net/content/ap2.php?f=b74bf and icemed.net/main.php?page=ffa1bed3ef7ceb23 (report here). This is hosted on 213.179.193.132 (Solidhost, Netherlands) and 41.64.21.71 (Dynamic ADSL, Egypt). We've seen these IPs before, so they are well worth blocking.
Friday, 2 March 2012
Intuit.com spam / migdaliasbistro.net and 213.179.193.132
The past couple of days have seen a lot of identical "Intuit.com" spam runs. Another one is starting up today with a malicious payload on migdaliasbistro.net hosted on 213.179.193.132 (Solidhost, Netherlands) and 41.64.21.71 (Dynamic ADSL, Egypt).
In particular, malware can be found at:
migdaliasbistro.net/main.php?page=4f7249b62ef4f934
migdaliasbistro.net/content/ap2.php?f=86cd2
There's a Wepawet report here.
There are several potentially malicious sites on this server. Blocking the IP address should protect against other evil domains:
perikanzas.com
abc-spain.net
migdaliasbistro.net
twistedtarts.net
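The payload links in these posts all follow the same two URL shapes (/main.php?page= with 16 hex digits and /content/ap2.php?f= with 5 hex digits), whichever domain carries them. As an added example that is not part of the original posts, this Python checks proxy log lines against the IPs, domains and URL shapes listed on this page; the log format and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Indicators copied from the posts on this page.
BAD_IPS = {"213.179.193.132", "41.64.21.71"}
BAD_DOMAINS = {"sony-zeus.net", "icemed.net", "migdaliasbistro.net",
               "perikanzas.com", "abc-spain.net", "twistedtarts.net"}
# Path -> (query parameter, value shape) seen in every payload URL listed:
# /main.php?page=<16 hex digits> and /content/ap2.php?f=<5 hex digits>.
URL_SHAPES = {
    "/main.php": ("page", re.compile(r"[0-9a-f]{16}")),
    "/content/ap2.php": ("f", re.compile(r"[0-9a-f]{5}")),
}

def classify(dest_ip, url):
    """Return the reasons a request matches the indicators ([] if none)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    if dest_ip in BAD_IPS:
        reasons.append("ip")
    if any(host == d or host.endswith("." + d) for d in BAD_DOMAINS):
        reasons.append("domain")
    param, shape = URL_SHAPES.get(parts.path, (None, None))
    if param and any(shape.fullmatch(v) for v in parse_qs(parts.query).get(param, [])):
        reasons.append("url-shape")  # a hunting lead on its own, not proof
    return reasons

def scan(lines):
    """Return (client, url, reasons) for each matching log line."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 6:
            continue  # not in the assumed format
        _ts, client, dest_ip, _method, url, _status = fields
        reasons = classify(dest_ip, url)
        if reasons:
            hits.append((client, url, reasons))
    return hits

# Constructed sample lines (assumed format: time client dest_ip method url status).
SAMPLE_LOG = [
    "2012-03-06T12:05:01Z 10.0.0.12 213.179.193.132 GET http://icemed.net/main.php?page=ffa1bed3ef7ceb23 200",
    "2012-03-06T12:05:02Z 10.0.0.12 213.179.193.132 GET http://icemed.net/content/ap2.php?f=b74bf 200",
    "2012-03-06T12:06:10Z 10.0.0.31 198.51.100.7 GET http://unlisted-host.example/main.php?page=0123456789abcdef 200",
    "2012-03-06T12:07:00Z 10.0.0.40 203.0.113.9 GET http://shop.example/main.php?page=about 200",
    "2012-03-06T12:08:00Z 10.0.0.44 213.179.193.132 GET http://other-site.example/index.html 200",
]
```

Calling `scan(SAMPLE_LOG)` flags four of the five lines: the third matches on URL shape alone, and the fifth on the IP address alone, which is the case IP blocking covers for domains not yet listed.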
Tuesday, 28 February 2012
BBB Spam / perikanzas.com and twistedtarts.net
BBB spam.. you must know what it looks like by now. Here are a couple of new domains:
perikanzas.com
    41.64.21.71 (Dynamic ADSL, Egypt)
    213.179.193.132 (Solidhost, Netherlands)
twistedtarts.net
    109.68.33.18 (Mesh Digital, UK)